Quantum-Era Security Discourse and Side-Channel Risks for PQC-Enabled AI Inference
A Vulnerable U episode previewed content filmed at Palo Alto Networks focused on how quantum computing is expected to impact security planning over the next decade, arguing that while the underlying physics is complex, many preparedness actions resemble familiar infosec transitions (e.g., inventorying cryptography dependencies and planning migrations). It also highlighted how public debate around encryption can be distorted by headlines—citing renewed discussion tied to a WhatsApp-related lawsuit and pointing to cryptographer Matthew Green’s technical breakdown as a corrective to overbroad claims that “end-to-end encryption is broken.”
Separately, Gopher Security warned that adopting post-quantum cryptography (PQC) does not address implementation-layer leakage, emphasizing that side-channel attacks (including remotely observable timing/power effects such as Hertzbleed) can undermine “quantum-safe” designs. The post described how electromagnetic (EM) emissions from AI hardware can leak sensitive information during inference, citing research such as BarraCUDA (weight extraction from NVIDIA Jetson devices via EM measurements) and academic work indicating side-channels can break embedded AI “black-box” assumptions by enabling extraction of logits/weights or gradient estimation—creating model theft and evasion risks even when cryptographic algorithms are strong.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Court filing says iPhone Lockdown Mode blocked FBI access
A court filing indicated that Apple iPhone Lockdown Mode prevented the FBI from accessing a reporter’s iPhone, illustrating the feature’s real-world defensive impact.
Unit 42 details ShadowGuard and Diaoyu espionage campaign
Palo Alto Networks Unit 42 described a broad, geopolitically aligned campaign using the ShadowGuard eBPF kernel rootkit together with a custom loader called Diaoyu.
China-linked espionage campaign exploits WinRAR vulnerability
Reporting described China-linked espionage activity leveraging a WinRAR vulnerability as part of ongoing operations.
APT28 rapidly exploits newly patched Microsoft Office flaw
Russia-linked APT28 was reported to have quickly begun exploiting a newly patched Microsoft Office vulnerability after a fix became available.
China-linked actors reportedly compromise Notepad++ update infrastructure
A reported supply-chain compromise affected Notepad++ update infrastructure, with the activity attributed to China-linked attackers.
Attackers actively exploit React Native Metro RCE bug
Reports indicated active exploitation of a React Native Metro vulnerability that allows remote command execution against exposed development servers.
CISA warns active exploitation of GitLab SSRF flaw
CISA warned that an older GitLab server-side request forgery vulnerability was being actively exploited in the wild, elevating the urgency for organizations to patch exposed systems.
One-trace horizontal attack reported against mkm4 Kyber on Cortex-M4
A reported side-channel attack demonstrated secret extraction from a Cortex-M4 implementation of Kyber (mkm4) using a single trace, highlighting implementation risks in post-quantum cryptography.
BarraCUDA research shows EM extraction of AI model weights
Researchers reported that electromagnetic emissions from NVIDIA Jetson devices during inference could be used to recover neural network weights, undermining the assumption that deployed models are only accessible as black boxes.
Hertzbleed demonstrates remotely observable power-related leakage
The Hertzbleed research showed that power-related side-channel leakage can be observed remotely through runtime effects, challenging the assumption that side-channel attacks require physical access.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Commentary on Quantum Computing Risk and Broader Cybersecurity Posture
Several opinion pieces argue that **quantum computing** is shifting cyber risk from a future “Q-day” milestone to a present-day confidentiality problem. Help Net Security highlights the *harvest-now, decrypt-later* threat model for financial services, warning that adversaries can collect encrypted traffic today and decrypt it later once quantum capability matures—creating retroactive exposure for long-lived sensitive identity and transaction data. A separate vendor blog post extends the theme into speculative **quantum-enabled side-channel attacks**, claiming quantum algorithms could accelerate analysis of electromagnetic/timing leakage and even exploit metadata/timing patterns in AI integration protocols such as the *Model Context Protocol (MCP)*. Other references are broader security commentary rather than a single incident: SC Media outlines how **multi-cloud** complexity (configuration drift, fragmented visibility, inconsistent policy enforcement, and API exposure) can increase security gaps, while CyberScoop argues that the AI-driven data center investment boom makes **secure-by-design** controls and resilience planning non-negotiable due to cascading impacts from ransomware, supply-chain compromise, and OT disruption. Emsisoft similarly frames rising victimization and state activity as evidence that traditional defensive assumptions are failing, citing examples of nation-state operations (e.g., telecom compromises and financially motivated state programs) to argue for a strategic shift in defensive posture rather than incremental tooling changes.
Mar 21, 2026
Post-Quantum Cryptography Planning for Identity and Machine-to-Machine Security
Security teams are accelerating **post-quantum cryptography (PQC)** planning as quantum computing threatens widely used public-key algorithms such as **RSA** and **ECC**, with particular concern for long-lived data and identity systems. Gopher Security argues that AI-agent identity and authorization flows—especially those relying on asymmetric signatures (e.g., **JWT** signing) and emerging AI integration patterns like the **Model Context Protocol (MCP)**—could be exposed to “harvest now, decrypt later” collection and future signature-forgery/impersonation risks if organizations delay migration; it also notes that simply increasing symmetric key sizes (e.g., moving to **AES-256**) does not address the asymmetric identity layer. Separately, Europol-coordinated research (as reported by Help Net Security) provides a practical prioritization framework for **financial institutions** to decide where PQC migration should start, combining a **Quantum Risk Score** (based on data “shelf life,” exposure, and business impact) with an estimate of **migration time/complexity** so leadership can sequence upgrades defensibly rather than attempting a “big bang” replacement. Additional Gopher Security material frames the same broader shift as a machine-identity problem—where service accounts, microservices, and automated connections dominate—and emphasizes modern transport protections (e.g., **TLS 1.3**) and stronger integrity/verification approaches for machine-to-machine data access, aligning with the need to modernize cryptographic controls as part of PQC readiness.
Apr 9, 2026
Post-Quantum Security for Federated Learning and AI Inference Environments
Advancements in quantum computing are exposing significant vulnerabilities in traditional cryptographic protections used within federated learning and AI inference environments. Federated learning, which relies on protocols like Model Context Protocol (MCP) to exchange sensitive model updates, is particularly at risk due to its dependence on encryption schemes such as RSA that are susceptible to quantum attacks. Security experts are emphasizing the urgent need to adopt post-quantum cryptographic measures to safeguard data against the threat of 'harvest now, decrypt later' attacks, where adversaries collect encrypted data now with the intention of decrypting it once quantum capabilities become available. In addition to encryption concerns, real-time threat detection is becoming critical as AI inference systems are increasingly deployed in high-stakes sectors like healthcare, finance, and autonomous vehicles. Traditional security approaches, which rely on static signatures and known attack patterns, are inadequate against the dynamic and context-driven threats targeting AI systems. Experts recommend implementing context-aware, post-quantum security solutions that can detect anomalies and respond in real time, ensuring the integrity and confidentiality of AI-driven operations as quantum computing continues to evolve.
Mar 21, 2026